Introduction

Linux systems are often used as servers, or are at least connected to the Internet more or less directly. On such systems, network security is particularly important, because an incorrectly configured server can provide miscreants with a way into your system to do whatever damage they like. One of the first lines of defence against such problems is limiting access by port. In this context a port is a numbered access point for your computer, much like a telephone extension number in a business phone system. Ports are related to sockets, which are programming abstractions of network connection endpoints; as a system administrator, though, you typically won't deal with sockets per se. You can protect access by port in three main ways:

By configuring a firewall

By using restrictions built into super servers (such as inetd or xinetd)

By disabling servers you are not actively using

First, though, you must know a bit about ports.

Common server ports

Many firewalls and other network security devices operate by blocking or allowing access to specific ports. For instance, a firewall might block outside access to the SSH port but let through traffic to the SMTP (Simple Mail Transfer Protocol) mail server port. To configure a firewall in this way, of course, you must know the port numbers. Linux systems contain a file, /etc/services, that lists service names and the ports with which they are associated. Lines in this file look something like this:

ssh             22/tcp          # SSH Remote Login Protocol
ssh             22/udp          # SSH Remote Login Protocol
telnet          23/tcp
# 24 - private
smtp            25/tcp

The first column contains a service name (ssh, telnet, or smtp in this example). The second column contains the port number and protocol (such as 22/tcp, meaning TCP port 22). Anything following a hash mark (#) is a comment and is ignored. The /etc/services file lists port numbers for both TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) ports. Typically, a single service is assigned the same TCP and UDP port numbers (as with the ssh service in this example), although in practice most protocols use just one or the other. When configuring a firewall, it is generally best to block both the TCP and the UDP port; this ensures that you don't leave a hole because you guessed the wrong transport protocol for the service.
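As an added example (not part of the original text), here is a small Python parser for lines in this format. It works on a constructed excerpt rather than the real file, and it also handles the alias column that real /etc/services entries can carry after the port (for instance, www as an alias of http). The helper names, and in particular port_numbers_to_block(), are my own; that function applies the block-both-transports advice above.

```python
"""Parse /etc/services-style lines into lookup tables.

Added example, not from the original text. SAMPLE is a constructed
excerpt mirroring the format shown above; on a real system you would
read /etc/services itself (see main()).
"""
import re
from collections import namedtuple

Service = namedtuple("Service", "name port proto aliases")

# Constructed sample. Real files also carry alias columns, as on the
# smtp and http lines here.
SAMPLE = """\
# Network services, Internet style
ssh             22/tcp          # SSH Remote Login Protocol
ssh             22/udp          # SSH Remote Login Protocol
telnet          23/tcp
# 24 - private
smtp            25/tcp          mail
http            80/tcp          www www-http    # WorldWideWeb HTTP
domain          53/tcp
domain          53/udp
"""

# name, port/proto, then zero or more alias names
_LINE = re.compile(r"^(\S+)\s+(\d+)/(\w+)((?:\s+\S+)*)$")


def parse_services(text):
    """Return one Service record per data line; comments and blanks are skipped."""
    records = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # everything after '#' is a comment
        if not line:
            continue
        m = _LINE.match(line)
        if not m:
            continue  # skip lines we do not understand rather than fail
        name, port, proto, rest = m.groups()
        records.append(Service(name, int(port), proto, tuple(rest.split())))
    return records


def build_index(records):
    """Build (port, proto) -> name and name-or-alias -> {(port, proto)} maps."""
    by_port, by_name = {}, {}
    for r in records:
        by_port[(r.port, r.proto)] = r.name
        for n in (r.name,) + r.aliases:
            by_name.setdefault(n, set()).add((r.port, r.proto))
    return by_port, by_name


def name_for(port, proto, by_port):
    """Service name registered for a (port, proto) pair, or None."""
    return by_port.get((port, proto))


def ports_for(name, by_name):
    """Sorted (port, proto) pairs for a service name or alias."""
    return sorted(by_name.get(name, ()))


def port_numbers_to_block(name, by_name):
    """Port numbers to block for a service, regardless of transport.

    Following the advice in the text: block each number for both TCP
    and UDP, so a wrong guess about the transport does not leave a hole.
    """
    return sorted({port for port, _proto in by_name.get(name, ())})


def main():
    try:
        with open("/etc/services") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE  # fall back to the constructed sample
    by_port, by_name = build_index(parse_services(text))
    for name in ("ssh", "smtp", "http"):
        print(name, ports_for(name, by_name),
              "block:", port_numbers_to_block(name, by_name))
    print("port 22/udp ->", name_for(22, "udp", by_port))


if __name__ == "__main__":
    main()
```

Run it as-is to see the sample parsed; on a Linux host it reads the real /etc/services instead. Unrecognised lines (for example sctp entries in newer files) are skipped rather than treated as errors, which is the safer failure mode for a lookup tool.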

The following summarizes the port numbers used by the most important protocols run on Linux systems. This list is, however, incomplete; it only hits some of the most common protocols. In fact, even /etc/services is incomplete and may need to be expanded for certain obscure servers. (The documentation for such servers describes how, if necessary.)

One key distinction between TCP/IP ports is that between privileged ports and unprivileged ports. The former have numbers below 1024. Unix and Linux systems allow only root (on Linux, more precisely a process holding the CAP_NET_BIND_SERVICE capability) to bind a server to a privileged port; any user may connect to one as a client. The idea is that a client connecting to a privileged port can be confident that the server behind it was set up by the system administrator and can therefore be trusted. Well, today we don't trust each other very much on the Internet, so that distinction isn't very useful for judging a remote host; locally it still matters, because it stops an ordinary user from standing up a rogue service on a well-known port. Know your ports; believe me, it's useful!
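As an added example (not from the original text), the following Python script shows the boundary in practice: it classifies a port number and then tries to bind it on the loopback address, reporting whether the kernel refused (EACCES for a privileged port without root or CAP_NET_BIND_SERVICE), whether something already holds the port, or whether the bind succeeded. Reading the Linux sysctl net.ipv4.ip_unprivileged_port_start, which root can use to lower the boundary, is an assumption about the platform; elsewhere the script falls back to 1024.

```python
"""Check the privileged-port boundary and probe whether we may bind below it.

Added example, not from the original text. The bind probe uses the
loopback address only and closes the socket immediately, so nothing is
left listening.
"""
import errno
import os
import socket

PRIVILEGED_MAX = 1023  # ports 1-1023 are privileged on Unix/Linux by default


def is_privileged(port):
    """True for the privileged range; raises on an invalid port number."""
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %r" % (port,))
    return port <= PRIVILEGED_MAX


def try_bind(port, proto="tcp", host="127.0.0.1"):
    """Attempt a bind and report 'bound', 'permission-denied' or 'in-use'.

    Any other OSError is propagated; the socket is closed either way.
    """
    sock_type = socket.SOCK_STREAM if proto == "tcp" else socket.SOCK_DGRAM
    s = socket.socket(socket.AF_INET, sock_type)
    try:
        s.bind((host, port))
        return "bound"
    except PermissionError:
        # EACCES: privileged port and no root / CAP_NET_BIND_SERVICE
        return "permission-denied"
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "in-use"  # e.g. sshd already owns port 22
        raise
    finally:
        s.close()


def privileged_boundary():
    """First unprivileged port on this kernel (assumes the Linux sysctl exists).

    Linux lets root lower the boundary via net.ipv4.ip_unprivileged_port_start;
    if the file is unreadable (non-Linux, restricted container) assume 1024.
    """
    try:
        with open("/proc/sys/net/ipv4/ip_unprivileged_port_start") as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return PRIVILEGED_MAX + 1


def main():
    print("euid", os.geteuid(), "boundary", privileged_boundary())
    for port in (22, 1023, 1024, 8022):
        kind = "privileged" if is_privileged(port) else "unprivileged"
        print(port, kind, "tcp:", try_bind(port), "udp:", try_bind(port, "udp"))


if __name__ == "__main__":
    main()
```

Run it once as an ordinary user and once as root: as a user, ports 22 and 1023 report permission-denied while 1024 and 8022 bind (unless already taken); as root, 22 typically reports in-use because sshd holds it. If the printed boundary is lower than 1024, someone has relaxed the sysctl, which is worth knowing before you rely on the "low port means administrator-configured" assumption.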